Comments | andukar: So it GOES

andukar

So it GOES

Sep 21, 2008 11:29

Password Requirements:
* Minimum Length : 8
* Maximum Length : 12
* Maximum Repeated Characters : 2
* Minimum Alphabetic Characters Required : 1
* Minimum Numeric Characters Required : 1
* Starts with a Numeric Character
* No User Name
* No past passwords
* At least one character must be ~!@#$%^&*()-_+={}[]|;:/?.,<>"'`

Ok...

Comments 13

kishmo September 21 2008, 16:07:28 UTC

that better be the password for like, NASA's intranet or something super important. If it's for something as trivial as, say, an email account...wtf.

andukar September 21 2008, 16:33:04 UTC

It's for GOES - "Global Online Enrollment System".

quikchange September 22 2008, 15:06:11 UTC

Are you doing the trusted traveller thing?

andukar September 22 2008, 15:51:03 UTC

Yep! No customs between US/Canada seems really convenient. :)

joenotcharles September 21 2008, 16:20:23 UTC

Maximum length 12? WTF?

Anyway, you need KeepAss for passwords like this.

joenotcharles September 21 2008, 16:21:17 UTC

Maximum repeated characters also cuts down on the search space rather than widening it. Not good.

andukar September 21 2008, 16:31:52 UTC

And what's the point of "starts with a number"?

slajoie September 30 2008, 01:40:24 UTC

Actually, every one of those rules cuts the search space. The reason for having rules is to make users pick passwords that will be more evenly distributed across all possible passwords, thus making the average search time a lot longer. For example, the 20%+ who would have picked their own user name (out-of-ass number, but probably reasonably close) will instead be forced to make something else up.

It's still rather futile. People will find a way to be lazy anyway. Combine "must start with a number" and "can't reuse past passwords" and most users will increment the number every time they are asked to change passwords...

Sounds familliar kinthelt September 21 2008, 20:07:34 UTC

I have a similar password restriction at someplace...

Minimum length: 8
At least one upper case character
At least one lower case character
At least one numeric character
At least one "special" character (what the hell does this mean? Alt-255?)
No dictionary words
No usernames
No previous passwords

Basically, they are forcing me to have to write down my password.

Re: Sounds familliar andukar September 21 2008, 20:12:19 UTC

Didn't you know that that's how you get true security?

starfia September 22 2008, 04:15:34 UTC

I'll show you true security!

- Minimum Length: 8
- Maximum Length: 8
- Numeric Characters Allowed: 1
- Must Start with a Numeric Character
- Numeric Characters Must Equal Total Number Of Characters In Password
- Second, Fourth, and Seventh Characters Must Be "i"
- Must End with "c"
- Remaining Empty Spaces Must Spell the Word "dot" in Isolation
- Please Stab Yourself In The Hand: Yes

Follow these instructions exactly and no one could possibly breach your login.

quikchange September 22 2008, 15:07:09 UTC

For bonus points, can you create a regex and captures these arcane rules?

andukar September 22 2008, 15:52:03 UTC

Yes, but it would be very ugly. It's only doable because of the 8-12 character range.

Counting in regexps just doesn't work well.